// SPDX-License-Identifier: GPL-2.0 /* * SafeSetID Linux Security Module * * Author: Micah Morton <[email protected]> * * Copyright (C) 2018 The Chromium OS Authors. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, as * published by the Free Software Foundation. * */ #define pr_fmt(fmt) … #include <linux/security.h> #include <linux/cred.h> #include "lsm.h" static DEFINE_MUTEX(uid_policy_update_lock); static DEFINE_MUTEX(gid_policy_update_lock); /* * In the case the input buffer contains one or more invalid IDs, the kid_t * variables pointed to by @parent and @child will get updated but this * function will return an error. * Contents of @buf may be modified. */ static int parse_policy_line(struct file *file, char *buf, struct setid_rule *rule) { … } static void __release_ruleset(struct rcu_head *rcu) { … } static void release_ruleset(struct setid_ruleset *pol){ … } static void insert_rule(struct setid_ruleset *pol, struct setid_rule *rule) { … } static int verify_ruleset(struct setid_ruleset *pol) { … } static ssize_t handle_policy_update(struct file *file, const char __user *ubuf, size_t len, enum setid_type policy_type) { … } static ssize_t safesetid_uid_file_write(struct file *file, const char __user *buf, size_t len, loff_t *ppos) { … } static ssize_t safesetid_gid_file_write(struct file *file, const char __user *buf, size_t len, loff_t *ppos) { … } static ssize_t safesetid_file_read(struct file *file, char __user *buf, size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) { … } static ssize_t safesetid_uid_file_read(struct file *file, char __user *buf, size_t len, loff_t *ppos) { … } static ssize_t safesetid_gid_file_read(struct file *file, char __user *buf, size_t len, loff_t *ppos) { … } static const struct file_operations safesetid_uid_file_fops = …; static const struct file_operations safesetid_gid_file_fops = …; static int __init safesetid_init_securityfs(void) { … } fs_initcall(safesetid_init_securityfs);
Codebase Browser
linux